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Remarks 

Claims 1 , 2, 5-1 0, 15-21, 24, 26, and 27 are pending. 

Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
8/18/2008 has been entered. 

Claim Objections 

2. Claim 26 is objected to because of the following informalities: 

Claim 26 still states "the secure tunnel" and is not clear as to which secure tunnel 
this is referring to. Claim 26 also states "the second wireless device" which is not found 
in parent claim 24. On the whole, claim 26 is rather unclear as well. This claim refers to 
mutually authenticating a single device. The claim also recites that the wireless device 
is "configured to establish a subsequent, new secure tunnel by establishing a session 
key seed for deriving a master session key", which appears to mean that the device 
gets a seed used to create the session key for a subsequent tunnel, but the awkward 
wording makes it hard to understand, particularly with respect to the "master" session 
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key, as master appears to be primarily used to refer to the PAC, and not a subsequent 
key. 

Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1, 2, 5, 6, 9, 10, 15-21, 24, 26, and 27 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Dogan (U.S. Patent Application Publication 
2004/0268126) in view of Kuehr-McLaren (U.S. Patent 6,978,298) and Funk (PAUL 
FUNK, Simon Blake Wilson; "draft-ietf-eap-ttls-02.txt: EAP Tunneled TLS Authentication 
Protocol (EAP-TTLS)"; Internet-Draft PPPEXT Working Group; 30 Nov. 2002, pp. 1-40). 
Regarding Claim 1, 

Dogan discloses a method of authenticating communication 
between a first and a second party, the method comprising: 

Establishing a first secure tunnel between the peer and the server 
using asymmetric encryption if a shared secret does not exist between the 
two (Paragraphs 22-23); 
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Receiving the shared secret via the first secure tunnel between the 
peer and the sever responsive to the shared secret not previously existing 
and establishing the first secure tunnel (Paragraphs 22-23); 

Tearing down the first tunnel (Figure 2A; and Paragraphs 7 and 22- 
24; although "tearing down" is not explicitly stated, it is clear that the 
registration connection is decoupled from the connections that are later 
opened, and that the registration connection/tunnel is terminated once the 
parameters discussed in paragraphs 22-23 are distributed); 

Establishing a subsequent, new secure tunnel between the peer 
and the server using symmetric encryption and the shared secret after 
tearing down the first tunnel and after the peer has received the shared 
secret (Paragraphs 24-26); 

Mutually deriving a tunnel key for the subsequent new secure 
tunnel using symmetric cryptography based on the shared secret 
responsive to establishing the subsequent, new secure tunnel 
(Paragraphs 24-26); and 

Authenticating a relationship between the peer and the server 
within the subsequent secure tunnel upon mutually deriving the tunnel key 
for the subsequent new secure tunnel (Paragraphs 24-26; this relationship 
is authenticated by the fact that both entities, and only those entities, can 
generate the connection secret); 
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But does not explicitly disclose determining whether a shared 
secret exists between a peer and a server. 

Kuehr-McLaren, however, discloses determining whether a shared 
secret exists between a peer and a server (Column 6, line 29 to Column 7, 
line 25; and Column 1 1 , lines 1 2-32). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to incorporate 
the session management system of Kuehr-McLaren into the secret/key 
generation system of Dogan in order to allow the system to cache session 
information for a particular amount of time and dynamically modify and/or 
update the amount of time based upon the needs of the system and its 
users, thereby allowing for optimized performance while maintaining a 
high level of security. 

Funk, however, discloses authenticating both the peer and the 
server to each other by means other than the mere fact that both entities 
can generate the correct key or secret (Pages 8-10, sections 4.1-4.3; 
Pages 11-13, sections 6-6.2; and Page 20, section 1 0). It would have 
been obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the extensible authentication system of Funk into 
the secret/key generation system of Dogan as modified by Kuehr-McLaren 
in order to provide a number of authentication mechanisms that can be 
used to authenticate entities in the system, while protecting the 
authentication information such that it cannot be accessed by any entities 
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that cannot derive the connection secret/tunnel key, thereby providing 
additional security in the system. 

Regarding Claim 17, 

Claim 17 is a system claim that corresponds to method claim 1 and 
is rejected for the same reasons. 

Regarding Claim 2, 

Dogan as modified by Kuehr-McLaren and Funk discloses the 
method of claim 1 , in addition, Dogan discloses protecting the termination 
of the authenticated conversation by use of a tunnel encryption and 
authentication to protect against a denial of service by an unauthorized 
user (Paragraphs 22-25); and Funk discloses protecting the termination of 
the authenticated conversation by use of a tunnel encryption and 
authentication to protect against a denial of service by an unauthorized 
user (Pages 9-15, sections 4.3-6.4). 

Regarding Claim 5, 

Dogan as modified by Kuehr-McLaren and Funk discloses the 
method of claim 1, in addition, Dogan discloses that the shared secret is a 
protected access credential (Paragraphs 22-25). 

Regarding Claim 20, 

Claim 20 is a system claim that corresponds to method claim 5 and 
is rejected for the same reasons. 

Regarding Claim 6, 
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Dogan as modified by Kuehr-McLaren and Funk discloses the 
method of claim 5, in addition, Dogan discloses that the protected access 
credential includes a protected access credential key (Paragraphs 22-25). 
Regarding Claim 9, 

Dogan as modified by Kuehr-McLaren and Funk discloses the 
method of claim 6, in addition, Funk discloses that the protected access 
credential includes a protected access credential opaque element (Pages 
3-4, section 1; and Pages 10-13, sections 5-6.2). 
Regarding Claim 10, 

Dogan as modified by Kuehr-McLaren and Funk discloses the 
method of claim 6, in addition, Funk discloses that the protected access 
credential includes a protected access credential information element 
(Pages 11-13, sections 6-6.2). 
Regarding Claim 15, 

Dogan as modified by Kuehr-McLaren and Funk discloses the 
method of claim 1 , in addition, Funk discloses that the step of 
authenticating is performed using EAP-GTC (Pages 21-22, section 
10.2.1). 
Regarding Claim 16, 

Dogan as modified by Kuehr-McLaren and Funk discloses the 
method of claim 1 , in addition, Funk discloses that the step of 
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authenticating is performed using Microsoft MS-CHAP v2 (Pages 23-24, 
section 10.2.4). 
Regarding Claim 18, 

Dogan as modified by Kuehr-McLaren and Funk discloses the 
system of claim 17, in addition, Funk discloses that the communication link 
is a wireless network (Pages 4-5, section 2). 
Regarding Claim 19, 

Dogan as modified by Kuehr-McLaren and Funk discloses the 
system of claim 17, in addition, Funk discloses that the communication link 
is a wired network (Pages 4-5, section 2). 
Regarding Claim 21 , 

Dogan as modified by Kuehr-McLaren and Funk discloses the 
system of claim 18, in addition, Funk discloses t hat the wireless network 
is an 802.1 1 wireless network (Pages 4-5, section 2). 
Regarding Claim 24, 

Dogan discloses a wireless device comprising: 

A wireless network adapter for sending and receiving wireless 
signals with a server (Paragraphs 33-34); 

Wherein the wireless device is configured to receive a shared 
secret from the server if no shared secret exists with the server, by 
establishing a first secure tunnel with the server using asymmetric 
encryption, receiving the shared secret via the first secure tunnel from the 
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server, and tearing down the first secure tunnel after receiving the shared 
secret (Paragraphs 7, 22-24, 34, and 51); 

Wherein the wireless device is configured to establish a 
subsequent, new secure tunnel between the wireless device and the 
server after the first tunnel has been torn down and if the shared secret 
exists by using the shared secret to mutually derive a tunnel key using 
symmetric cryptography based on the shared secret (Paragraphs 24-26); 
and 

Wherein the wireless device is configured to mutually authenticate 
with the server employing the subsequent new secure tunnel (Paragraphs 
24-26); 

But does not explicitly disclose determining whether a shared 
secret exists between a peer and a server. 

Kuehr-McLaren, however, discloses determining whether a shared 
secret exists between a peer and a server, and receiving the shared 
secret upon determining that a shared secret does not exist with the 
server (Column 6, line 29 to Column 7, line 25; and Column 1 1 , lines 12- 
32). It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the session management 
system of Kuehr-McLaren into the secret/key generation system of Dogan 
in order to allow the system to cache session information for a particular 
amount of time and dynamically modify and/or update the amount of time 
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based upon the needs of the system and its users, thereby allowing for 
optimized performance while maintaining a high level of security. 

Funk, however, discloses authenticating both the peer and the 
server to each other by means other than the mere fact that both entities 
can generate the correct key or secret (Pages 8-10, sections 4.1-4.3; 
Pages 11-13, sections 6-6.2; and Page 20, section 1 0). It would have 
been obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the extensible authentication system of Funk into 
the secret/key generation system of Dogan as modified by Kuehr-McLaren 
in order to provide a number of authentication mechanisms that can be 
used to authenticate entities in the system, while protecting the 
authentication information such that it cannot be accessed by any entities 
that cannot derive the connection secret/tunnel key, thereby providing 
additional security in the system. 

Regarding Claim 26, 

Dogan as modified by Kuehr-McLaren and Funk discloses the 
device of claim 24, in addition, Funk discloses that the wireless device is 
further configured to establish a subsequent new secure tunnel by 
establishing a session key seed for deriving a master session key used for 
mutually authenticating the server employing the subsequent secure 
tunnel (Pages 11-16, sections 6-7). 

Regarding Claim 27, 
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Dogan as modified by Kuehr-McLaren and Funk discloses the 
method of claim 1, in addition, Dogan discloses establishing a plurality of 
subsequent new secure tunnels between the peer and server using the 
shared secret (Paragraphs 7, 22-26, and claim 10). 



4. Claims 5-1 0 and 20 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Dogan in view of Kuehr-McLaren and Funk, further in view of Downnard 
(Downnard, Ian, "Public-key cryptography extensions into Kerberos", IEEE December 
2002/January 2003, pp. 30-34). 
Regarding Claim 5, 

Dogan as modified by Kuehr-McLaren and Funk discloses the 
method of claim 1 , in addition, Dogan discloses that the shared secret is a 
protected access credential (Paragraphs 22-25); but does not explicitly 
disclose certain aspects of such a protected access credential. 

Downnard, however, discloses that the shared secret is a protected 
access credential (Pages 30 and 32, Kerberos and PKINIT sections). It 
would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the public-key-extended Kerberos 
system of Downnard into the EAP-TTLS system of Dogan as modified by 
Kuehr-McLaren and Funk in order to ensure authentication of entities 
wishing to communicate as well as a trusted party that distributes shared 
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secret information, while improving security and scalability through use of 
public keys for initial authentication. 

Regarding Claim 20, 

Claim 20 is a system claim that corresponds to method claim 5 and 
is rejected for the same reasons. 

Regarding Claim 6, 

Dogan as modified by Kuehr-McLaren, Funk, and Downnard 
discloses the method of claim 5, in addition, Downnard discloses that the 
protected access credential includes a protected access credential key 
(Pages 30 and 32, Kerberos and PKINIT sections). 

Regarding Claim 7, 

Dogan as modified by Kuehr-McLaren, Funk, and Downnard 
discloses the method of claim 6, in addition, Funk discloses that the 
protected access credential key is a strong entropy key (Page 16, section 
7); and Downnard discloses that the protected access credential key is a 
strong entropy key (Table 1 ; and Pages 30 and 32, Kerberos and PKINIT 
sections). 

Regarding Claim 8, 

Dogan as modified by Kuehr-McLaren, Funk, and Downnard 
discloses the method of claim 7, in addition, Downnard discloses that the 
entropy key is a 32-octet key (Table 1 ; and Pages 30 and 32, Kerberos 
and PKINIT sections). 
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Regarding Claim 9, 

Dogan as modified by Kuehr-McLaren, Funk, and Downnard 
discloses the method of claim 6, in addition, Downnard discloses that the 
protected access credential includes a protected access credential 
opaque element (Table 1; and Pages 30 and 32, Kerberos and PKINIT 
sections). 

Regarding Claim 10, 

Dogan as modified by Kuehr-McLaren, Funk, and Downnard 
discloses the method of claim 6, in addition, Downnard discloses that the 
protected access credential includes a protected access credential 
information element (Table 1; and Pages 30 and 32, Kerberos and PKINIT 
sections). 



Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Sirbu et al., "Distributed Authentication in Kerberos Using Public Key 
Cryptography", 1997, pp. 134-141. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JEFFREY D. POPHAM whose telephone number is 
(571)272-7215. The examiner can normally be reached on M-F 9:00-5:30. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571)272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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